ajinabraham.njsscan.xss.xss_templates.handlebars_noescape
Author: ajinabraham
Disabling escaping in Handlebars is not secure behaviour. It can introduce XSS vulnerabilities.
Definition
rules:
- id: handlebars_noescape
  patterns:
  - pattern: |
      $X.compile(..., {noEscape: true}, ...)
  message: Disabling Escaping in Handlebars is not a secure behaviour. This can
    introduce XSS vulnerabilties.
  languages:
  - javascript
  severity: ERROR
  metadata:
    owasp-web: a1
    cwe: cwe-80
    license: LGPL-3.0-or-later
    vulnerability_class:
    - Other
Short Link: https://sg.run/q3Xz
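
What the flagged option changes in rendered output, as an added example that is not part of the rule or of njsscan. The `compile` and `escapeExpression` functions below are a minimal stand-in written for this illustration (not the Handlebars library) that models its default entity escaping of `{{expr}}` and the `noEscape` option, run on a constructed comment value.

```javascript
// Added example: a stand-in renderer (NOT the Handlebars library) that models
// how {{name}} output changes when compile() is given {noEscape: true}.

// Characters that Handlebars' default escaping rewrites to HTML entities.
const ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
  "'": '&#x27;', '`': '&#x60;', '=': '&#x3D;',
};

function escapeExpression(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => ESCAPES[ch]);
}

// Hypothetical compile(): supports only plain {{identifier}} lookups.
function compile(source, options = {}) {
  const noEscape = options.noEscape === true;
  return (context) =>
    source.replace(/\{\{\s*(\w+)\s*\}\}/g, (_, key) => {
      const raw = context[key] == null ? '' : String(context[key]);
      // With noEscape the value reaches the page as live markup.
      return noEscape ? raw : escapeExpression(raw);
    });
}

// Constructed sample input: a comment field controlled by a site visitor.
const template = '<p class="comment">{{comment}}</p>';
const untrusted = { comment: '<img src=x onerror="alert(1)">' };

// Call shape the rule matches: escaping disabled for the whole template.
function renderFlagged() {
  return compile(template, { noEscape: true })(untrusted);
}

// Call shape the rule does not match: default options keep escaping on.
function renderDefault() {
  return compile(template)(untrusted);
}

console.log('noEscape: true ->', renderFlagged());
console.log('default        ->', renderDefault());
```
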